Skip to main content
POST
/
v1
/
webhook_endpoints
Create a webhook endpoint
curl --request POST \
  --url https://api.callingbox.io/v1/webhook_endpoints \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "url": "https://your-server.com/callingbox-webhook",
  "description": "<string>",
  "enabled_events": [
    "<string>"
  ]
}
'
{
  "signing_secret": "whsec_1234567890abcdef1234567890abcdef",
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "org_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "url": "<string>",
  "description": "<string>",
  "enabled_events": [
    "<string>"
  ],
  "disabled_reason": "<string>",
  "disabled_at": "2023-11-07T05:31:56Z",
  "consecutive_failures": 123,
  "created_at": "2023-11-07T05:31:56Z",
  "updated_at": "2023-11-07T05:31:56Z"
}

Authorizations

Authorization
string
header
default:sk_live_your_api_key
required

API key starting with sk_

Body

application/json
url
string
required

HTTPS URL to POST events to. Must be publicly reachable.

Example:

"https://your-server.com/callingbox-webhook"

description
string | null

Human-readable label to help identify this endpoint.

enabled_events
string[]

Event types this endpoint subscribes to. Defaults to ["*"] (every event).

Response

Endpoint created

signing_secret
string
required

The HMAC-SHA256 signing secret. Returned only on create and rotate. CallingBox never shows it again.

Example:

"whsec_1234567890abcdef1234567890abcdef"

id
string<uuid>
org_id
string<uuid>
url
string
description
string | null
enabled_events
string[]
status
enum<string>
Available options:
enabled,
disabled
disabled_reason
string | null

Populated when CallingBox auto-disables the endpoint after 10 consecutive exhausted deliveries (too_many_failures) or when manually disabled.

disabled_at
string<date-time> | null
consecutive_failures
integer

Consecutive exhausted deliveries. Resets on success.

created_at
string<date-time>
updated_at
string<date-time>